Good morning,
everyone. Welcome to the Commerce Department and thank you for being here for
today’s important dialogue.

Nearly two
months ago in this room, we announced the President’s Executive Order on
improving cybersecurity for critical infrastructure.

As we have all
seen in the news, concern about cybersecurity threats and risks has continued to
grow. Clearly, this is one of the most critical issues facing both our nation’s
security and our nation’s economy in the 21st century.

Protecting
America’s businesses and infrastructure from attacks is crucial to ensuring that
our economy will keep growing.

The question is
“How can we do that?” To which the only viable answer is “Together.” That’s what
today’s discussions are all about.

The good news is
this: Many innovative approaches to cybersecurity challenges already exist in
businesses and organizations around the country.

I’m sure that
some of you here today have implemented cybersecurity enhancements in your firms
and perhaps even in your industry groups and associations.

Sharing and
spreading those ideas and approaches more broadly has never been more
important.

The Executive
Order directs the Commerce Department’s National Institute of Standards and
Technology – NIST – to develop a voluntary program – a Framework – that will
promote best practices at critical infrastructure
facilities.

To build this
Framework, we need to hear from industry about the best practices and standards
that should be included.

As many of you
know, NIST has a century-long track record of close and successful partnerships
with industry, tackling a large number of complex scientific and engineering
challenges.

For example, we
worked with some of the firms represented here today to develop voluntary
frameworks for Smart Grid interoperability and security, as well as health IT.

Today, NIST
Director Patrick Gallagher and his team are eager to hear more about how we can
collaborate effectively and nimbly across many sectors. We want to hear from
you.

What are you
doing now to reduce cybersecurity risks? What are the threats that you face? And
what threats do you anticipate in the near future? How can the marketplace for
new technologies and services best meet your cybersecurity needs? And how can we
continue to grow this partnership in the months and years
ahead?

The input we
receive today will add to written comments that we are receiving in response to
our recent Request for Information. In that RFI, we asked how people like you
currently manage cyber risk, what standards and policies you use, and what
challenges you face.

Those responses
are due Monday, and we look forward to that input as well.

As NIST analyzes
those responses and begins to develop a Framework, we will continue to host more
public workshops like this one throughout the country – sharing and refining
ideas along the way.

And we will move
quickly because the first draft of the Framework is due in just eight
months.

The long-term
goal is to develop a living framework that adapts as the risks “out there”
change, and that relies on industry-developed standards to help businesses and
organizations know when and where they might be behind the curve.

Constant
awareness of both evolving threats as well as technological advances in
cybersecurity must become the norm.

Again – and I
can’t emphasize this enough – the success of this effort is largely dependent on
industry involvement. You are the ones who can help empower owners and operators
of critical infrastructure – and others – to make the best possible decisions in
cybersecurity.

Once the
framework is published, the Department of Homeland Security will create a
voluntary program for its implementation in critical infrastructure areas such
as water, electric, nuclear and transportation.

In fact, a
little later, you will hear from DHS Deputy Secretary, Jane Lute, who will talk
about how DHS is implementing its responsibilities under the Executive Order and
the Presidential Policy Directive. I believe she will also discuss how DHS is
building a process to allow increased threat-sharing information with industry.

And while DHS
builds these programs, NIST will continually receive input from industry leaders
and the public to ensure that the Framework remains both current and
flexible.

More immediately
– and also as part of the Executive Order – the departments of Commerce,
Treasury and Homeland Security are required to report to the President on the
most effective incentives to encourage even more companies to get involved with
the Framework.

To that end, I’m
pleased to say that the Commerce Department just issued a Notice of Inquiry.
We’re asking for opinions from you and other stakeholders on what incentives
might work best.

I’m sure that we
will get comments in areas ranging from tax incentives, to liability
protections, and much more. Public comments are open until April 27, and I want
to thank you in advance for your insights.

In closing, now
more than ever, we need your commitment and your leadership to help protect
American businesses and America’s infrastructure.

The President
understands that this will take a whole of government approach – an approach
that draws from the most advanced ideas, the strongest efforts, and the best
practices in our intelligence, security, law enforcement, and economic agencies.
And he knows that government cannot and should not do it
alone.

We must work
hand-in-hand with all of you to ensure that America’s businesses will be both
aware of cybersecurity problems and proactive in adopting best practices to
protect themselves and our economy.

Today’s program
will help build this public-private partnership. You have a great lineup of
speakers and panelists who reflect a diverse cross-section of sectors and
expertise areas.

To get us
started, we are going to hear from White House Cybersecurity Coordinator Michael
Daniel. As you may know, he and the National Security Staff at the White House
worked tirelessly to ensure that a broad set of stakeholder views were reflected
as the Executive Order came together. He will talk about cross-government
implementation of the E.O.

So, thank you
all for coming. I hope you have a wonderful and productive day. Now please
welcome one of the nation’s leaders on national security and cybersecurity
issues – Michael Daniel.